[Nfd-dev] How to start a certificate chain from scratch

Junxiao Shi shijunxiao at email.arizona.edu
Wed Mar 11 11:55:57 PDT 2015 

Hi Xiaoke/Jiewen
(correcting a typo below)

Thanks for your examples. However, I need to start from scratch. Suppose:

   - root/site/user certificates are created according to
   http://www.lists.cs.ucla.edu/pipermail/nfd-dev/2014-November/000616.html
   - Two machines have NDNS package installed. One is to host root zone,
   the other is to host site1 zone.

I need the commands to:

   - create root zone: /example
   - publish root certificate: /example/KEY/ksk-1/ID-CERT
   - create site1 zone: /example/site1
   - delegate site1 zone from root zone
   - publish site1 certificate: /example/KEY/site1/ksk-2/ID-CERT (should
   this be published at root zone or site1 zone?)
   - publish user1 certificate: /example/site1/KEY/user1/ksk-3/ID-CERT


Yours, Junxiao

On Wed, Mar 11, 2015 at 11:39 AM, Xiaoke Jiang <shock.jiang at gmail.com>
 wrote:

> Hi Junxiao,
> There are two ways to insert a certificate into NDNS, one is to embed it
> in update message and deliver it to name server, and the other is calling
> management tool to modify the local database directly.
>  I present an example to show the two ways, assume the certificate is
> named
> /ndn/edu/ucla/KEY/bob/dsk-1420913151451/ID-CERT/%FD%00%00%01J%D5%06%0F%C8,
> and stored in the local file ndn.edu.ucla.bob.cert
> 1) sending update message locally or remotely: ndns-update -f ndn.edu
> .ucla.bob.cert
> 2) calling management tool locally: ndns-add-rr-from-file /ndn/edu/ucla -f
> ndn.edu.ucla.bob.cert
>
> And the management tools that remove it is: ndns-remove-rr /ndn/edu/ucla
> /bob/dsk-1420913151451 ID-CERT.
> As to remove it remotely, authorized party should send a update message
> embedding a NDNS-NACK with the same name prefix but greater version number.
>
> Note that  the certificates issued by NDN Testbed is automatically stored
> in the NDNS instance hosted on the testbed.
>
> Xiaoke (Shock)
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20150311/6d880903/attachment.html>

More information about the Nfd-dev mailing list